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(54) Title: A COMPUTER SECURITY SYSTEM 
(57) Abstract 



A method of preventing 
unauthorised access to a host 
computer system (1) by a user at 
a remote terminal (2) is provided 
using paging system technology. In 
the method, a user inputs his user 
identification code input into the 
terminal (2) which transmits same 
to the host computer system (1). 
The system then generates a random 
code (Code A) and subjects Code A 
to a transformation characteristic of 
a transformation algorithm identified 
by the input user identification code 
so as to generate a transformed code 
(Code B). Code A is transmitted via 
a paging system (7), to a receiver 
(6) held by the user. The receiver 
(6) comprises transformation means 
adapted to transform the received 
Code A to a second transformed 
code (Code C), and means (9) for 
displaying Code C to the user. The 
user then inputs the displayed Code 
C to the terminal (2) which trasmits 
it to the host system (1). The input 
Code C is then compared with Code 
B and access is only permitted if 
Code C matches Code B. 



L.A.N. 




USER ID 



CODE A 




BNSDOCID: <WO 9519593A1_I_> 



FOR THE PURPOSES OF INFORMATION ONLY 



Codes used to identify States party to the PCT on the front pages of pamphlets publishing international 
applications under the PCT. 



AT 


Austria 


GB 


United Kingdom 


MR 


Mauritania 


AU 


Australia 


GE 


Georgia 


MW 


Malawi 


BB 


Barbados 


GN 


Guinea 


NE 


Niger 


BE 


Belgium 


GR 


Greece 


NL 


Netherlands 


BF 


Burkina Faso 


HU 


Hungary 


NO 


Norway 


BG 


Bulgaria 


IE 


Ireland 


NZ 


New Zealand 


BJ 


Benin 


IT 


Italy 


PL 


Poland 


BR 


Brazil 


JP 


Japan 


FT 


Portugal 


BY 


Belarus 


KE 


Kenya 


RO 


Romania 


CA 


Canada 


KG 


Kyrgystan 


RU 


Russian Federation 


CF 


Central African Republic 


KP 


Democratic People's Republic 


SO 


Sudan 


CG 


Congo 




of Korea 


SE 


Sweden 


CH 


Switzerland 


KR 


Republic of Korea 


SI 


Slovenia 


CI 


C6te d'lvoire 


KZ 


Kazakhstan 


SK 


Slovakia 


CM 


Cameroon 


LI 


Liechtenstein 


SN 


Senegal 


CN 


China 


LK 


Sri Lanka 


TD 


Chad 


CS 


Czechoslovakia 


LU 


Luxembourg 


TG 


Togo 


CZ 


Czech Republic 


LV 


Latvia 


TJ 


Tajikistan 


DE 


Germany 


MC 


Monaco 


TT 


Trinidad and Tobago 


DK 


Denmark 


MD 


Republic of Moldova 


UA 


Ukraine 


E5 


Spain 


MG 


Madagascar 


US 


United States of America 


FI 


Finland 


ML 


Mali 


UZ 


Uzbekistan 


FR 


France 


MN 


Mongolia 


VN 


Viet Nam 


GA 


Gabon 











BNSDOCID: <WO 9519593A1_I_> 



WO 95/19593 PCT/GB95/00059 



A COMPUTER SECURITY SYSTEM 

The present invention relates to a computer security- 
system and comprises a method and apparatus for preventing 
5 unauthorized access to a host computer system. 

Many large computer systems require users to gain 
access via a remote terminal using a telephone link. In 
cases where access to the computer system is restricted to 

10 authorised personnel, attempts by unauthorised persons to 
gain access are referred to as "hacking". It is common 
practice for security systems to be installed in the 
computer system in an attempt to verify the identity of a 
user. However, to date no completely successful computer 

15 security system has been devised. 

There has now been devised an improved computer 
security system based on pager technology. 

20 According to a first aspect of the present invention 

there is provided a method of preventing unauthorised 
access to a host computer system by a user at a remote 
terminal comprising the steps of 

accepting a user identification code input to the 
25 terminal by the user; 

generating a random code (Code A); 

subjecting Code A to a transformation characteristic 
of a transformation algorithm identified by the input user 
identification code so as to generate a transformed code 
30 (Code B) ; 

transmitting Code A via a paging system, to a receiver 
held by the user, the receiver comprising transformation 
means adapted to transform the received Code A to a second 
transformed code (Code C) , and means for displaying Code C 
35 to the user; 

accepting input of Code C to the terminal by the user; 
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comparing Code C with Code B; and 

permitting access to the host system only if Code C 
matches Code B. 

According to a second aspect of the present invention 
there is provided apparatus for preventing unauthorized 
access to a host computer system by a user at a remote 
terminal, the apparatus comprising 

means for accepting a user identification code input 
to the terminal by the user; 

means for generating a random code (Code A) , and for 
subjecting Code A to a transformation to generate a 
transformed code (Code B) ; 

a transmitter for transmitting Code A via a paging 
15 system; 

a receiver held by the user, the receiver comprising 
transformation means adapted to transform the received Code 
A to a second transformed code (Code C) , and means for 
displaying Code C to the user; 

means for accepting input of Code C by the user; 
means for comparing Code C with Code B; and 
means for permitting access to the host system if Code 
C matches Code B. 

25 xt wil1 be appreciated that the receiver carried by an 

authorized user will have logic circuitry programmed with a 
transformation algorithm which is characteristic of that 
receiver. When the user enters his user identification 
code, the host computer system identifies the corresponding 
transformation algorithm in a database from the code and 
transforms the random code (Code A) to a new Code B in such 
a manner that the Code C, produced by the user's receiver 
from the transmitted code, will be identical to Code B with 
which it is compared. Thus, only a user both with knowledge 
35 of the user identification code and holding the 
corresponding receiver can gain access to the host system. 



20 



30 
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The transformation algorithms associated with each 
receiver may be completely different, or may be the same 
base algorithm which is convoluted with a code 
corresponding to the user's identification code so as to 
generate characteristic transformed codes. Preferably, the 
algorithms used are all, so called, one-way algorithms. 

The user identification code should preferably be 
treated by the user as a secret code and not be marked on 
the receiver. It is thus comparable with a personal 
identification number (PIN) familiar from many other 
contexts . 



Preferably also, the receiver can only be enabled for 
15 a predetermined period to permit it to transform the 
received Code A to the transformed Code C by input of a 
second user identification code by the user. This second 
code may also be in the form of a PIN . In this way 
additional security is provided since an unauthorised user 
cannot gain access to the system even if he has possession 
of the receiver and knows the user identification code 
without knowledge of the second identification or 
activation code. 

25 Preferably also, the signal incorporating Code A which 

is transmitted by the paging system also incorporates an 
identifier to enable the receiver to pick out the signal 
from a plurality which may be being transmitted at the same 
time. 

30 

In addition, the receiver is preferably always 
responsive to reception of its identifier regardless of 
whether or not it has been enabled by the user. Hence, the 
receiver is responsive to reception of its identifier in 
35 circumstances when the authorised user is not attempting to 
gain access to the host system. In this way the receiver 
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can alert the authorised user that an attempt at 
unauthorised access is being made. Preferably, therefore, 
the receiver emits an alarm or otherwise operates to alert 
the user in these circumstances. 

5 

The means for displaying Code C on the receiver can be 
a liquid crystal display or other conventional display 
means. Also, the means by which the signal is transmitted 
via the paging system and the means by which the 
10 transmitted signal is received by the receiver may both 
utilise technology which is generally conventional in 
paging systems. 

In a second more sophisticated embodiment, the method 
15 preferably comprises the additional steps of 

generating an access code by the terminal based on the 
user identification code and at least one of a terminal 
code for identifying the remote terminal, a network 
identification code for identifying which of a plurality of 
20 networks the remote terminal is connected to, and a 
software code identifying the presence or absence of 
particular software stored at the remote terminal site and 
accessible by its CPU; 

transmitting the access code to the host computer 
25 system; 

deconstructing the access code to produce at least one 
computer identification code and the user identification 
code ; 

generating a second random code (Code D) ; 
subjecting Code D and the computer identification code 
to a transformation characteristic of a transformation 
algorithm so as to generate a transformed code (Code E) ; 

subjecting Code A to a transformation characteristic 
of both the transformation algorithm identified by the 
input user identification code and Code E so as to generate 
the transformed code (Code B) ; 



30 



35 
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passing Code D to the remote terminal which also 
subjects Code D and the computer identif ication code to a 
transformation characteristic of a transformation algorithm 
so as to generate a transformed code (Code F) ; 

passing Code F to the receiver from the remote 
terminal which also subjects Code A to a transformation 
characteristic of both the transformation algorithm 
identified by the input user identification code and Code F 
so as to generate the transformed code (Code C) . 



As before the terminal compares Code C with Code B and 
only permits access to the host system if Code C matches 
Code B. However, it will be appreciated that this 
embodiment can be used to verify that the actual remote 
15 terminal being used is an authorised terminal. This will 
mean that in practice if the terminal is authorised, Code F 
will also equal Code E. 

Preferably also, the method comprises the further 
20 additional steps of 

deconstructing the access code to produce the user 
identification code, a first computer identification code 
characteristic of the computer hardware identifying 
portions of the access code and a second computer 
25 identification code characteristic of the computer software 
identifying portions of the access code; 

generating a second random code (Code Dl) and a third 
random code (Code D2) ; 

subjecting Code Dl and the first computer 
identification code to a transformation characteristic of a 
transformation algorithm so as to generate a transformed 
code (Code El) ; 

subjecting Code D2 and the second computer 
identification code to a transformation characteristic of a 
transformation algorithm so as to generate a transformed 
code (Code E2) ; and 



35 
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combining in a predetermined fashion Codes El and E2 
or parts thereof to produce the transformed code (Code E) ; 

passing Code Dl and Code D2 to the remote terminal (2) 
which subjects Code Dl and the first computer 
identification code to a transformation characteristic of a 
transformation algorithm so as to generate a transformed 
code (Code Fl), and which subjects Code D2 and the second 
computer identification code to a transformation 
characteristic of a transformation algorithm so as to 
generate a transformed code (Code F2) ; and 

combining in a predetermined fashion Codes Fl and F2 
or parts thereof to produce the transformed code (Code F) . 

It will be appreciated, therefore, that not only can 
the actual terminal be verified but the network system it 
is connected to can be verified too along with software 
which is accessible to the terminal. The latter can be 
checked by running security software which monitors the 
type of software which can be run by the terminal and 
20 supplies appropriately encrypted identification codes 
dependent on this software. 

Hence, in this way the system can be used to display 
sensitive information which, for example, can be made 
25 available for viewing only and not for further analysis at 
the remote terminal. 



15 



In this second embodiment, the receiver preferably 
takes the form of a security key which is linked to the 
30 remote terminal. Preferably, the receiver is linked to the 
central processing unit either by a plug and socket 
arrangement or by an infrared transmission system for the 
passage of information therebetween. 



35 



The various aspects of the present invention will now 
be described by way of example with reference to the 
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accompanying drawings, in which: - 

Fig. 1 is a schematic view of a first embodiment of a 
computer security system according to the invention; and 

Fig. 2 is a view similar to Fig. 1 but of a second 
embodiment of the system and additionally showing logic 
operations carried out by various components of the system. 



With reference first to Fig. 1, a host computer system 
1, typically one of several arranged in a local area 
network (LAN) , may be accessed from any one or more of a 
series of remote terminals 2, 3, 4 via a telephone line 
link. To gain access to the host system 1, a user at one of 
15 the terminals, say terminal 2, must first verify his or her 
identity by satisfying a security barrier system or 
security server 5, which is effectively interposed between 
the remote terminals 2, 3, 4 and the host system 1. 

20 The user carries a receiver unit 6 which includes 

encryption means for encryption of received codes. 
Typically, the unit will include logic circuitry to do this 
which preferably itself includes an EPROM or erasable 
programmable read only memory where the algorithm required 

25 is stored. As previously mentioned, this algorithm is 
preferably a one-way algorithm. 

The receiver unit 6 also stores in the EPROM an 
identity code. This identity code is a key for the one-way 
algorithm and is such that when applied to the algorithm, 
together with a code to be encrypted the resultant code is 
characteristic of the particular receiver unit 6. 



When the user seeks access to the host system 1 via 
the terminal 2, he enters his user identification code. 
This code may take any suitable form, for example his 
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actual name or preferably a more secure code such as a 
PIN. The security server 5 includes a database of all 
authorised users and their authorised receiver units 6, and 
identifies the corresponding identity code for the 
5 appropriate receiver unit 6. The security server 5 then 
generates a random code (Code A) and subjects this number 
to an encryption using the same one-way algorithm as is 
stored in the user's receiver 6 together with the 
corresponding identity code. In this way a transformed code 
10 (Code B) is produced. 

In addition to producing the transformed Code B, the 
security server 5 also transmits the random code to a 
paging system 7 along with an indentifier or identifying 

i5 tag which can be recognized by the receiver unit 6. The 
identifying tag and the random code are then broadcast by 
the paging system 7, typically using a radiof requency 
transmitter, in a fashion similar to conventional paging 
systems. Whilst the receiver unit 6 will pick up all codes 

20 broadcast on a particular frequency, the receiver unit 6 
will use the identifier to pick out the appropriate signal 
meant for it from a plurality which may be being 
transmitted at the same time. 

25 After or before entering his identification code into 

the terminal 2, the user also activates the receiver unit 6 
by entering a second user identification code, which is 
also preferably in the form of a secret PIN, via a keypad 
8. Preferably, the receiver unit 6 can receive the 

30 broadcast signal regardless of whether it has been 
activated or not, but activation enables the logic 
circuitry of the receiver unit S to permit it to encrypt 
the received random code. The receiver unit 6 therefore 
uses the received random number and the identity code 

35 stored in its own EPROM to produce a transformed code (Code 
C) via its own characteristic algorithm. This transformed 
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Code C is then displayed to the user on a display means 9, 
preferably a liquid crystal display, for a predetermined 
length of time such as five minutes. 

5 The terminal 2, at the behest of the security server 5 

prompts the user to input the transformed Code C displayed 
by the receiver unit 6. After input, the security server 5 
compares the input Code C with the transformed code, Code 
B, it produced by encryption of the random code, Code A. If 
10 Code B and Code C are identical, access to the host system 
1 is permitted. 

A second more sophisticated embodiment of the 
invention is shown in Fig. 2 and the same reference numbers 
15 are used in Fig. 1 as have been used in Fig. 1 to indicate 
similar features of the system. In addition, logic 
operations carried out by various components of the system 
are shown in the rounded edged boxes. 

20 This second embodiment enables verification of the 

actual remote terminal 2, the network system to which it is 
connected, and the software it has access to. In this way, 
highly secure information can be made available for viewing 
but not made available to terminals which may have the 

25 capability to store or process the information further. 

However, whereas in the first embodiment, the receiver 
unit 6 would probably, but not necessarily, comprise a 
stand-alone piece of equipment, in this embodiment the 

30 receiver unit 6 is intended to be linked to the remote 
terminal 2 for the passage of information therebetween. 
This linkage could be by any conventional means, such as a 
plug/socket arrangement whereby the unit 6 is plugged into 
one of the output ports of the terminal 2 or an infrared 

35 transmission system. In this way, the receiver unit 6 forms 
a security key for the system and must be connected to the 
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terminal 2 before the latter can be used to access the host 
system 1 . 

The terminal 2 also comprises a central processing 
unit (CPU) in its own right and is preferably in the form 
of a personal computer (PC). In a similar fashion to the 
security key 6, the terminal 2 will also have its own 
terminal identity code. In addition, it runs security 
software which monitors other software which can be 
accessed and run by the terminal. The security software 
supplies appropriately encrypted software identity codes 
dependent on this software. 

The network system to which the terminal 2 is 
15 connected can also be verified. For example, the terminal's 
token ring identification code can be used for this 
purpose. 

With reference to Fig. 2, the system operates as 
20 follows. The user first attaches the receiver unit 6 or 
security key to the terminal 2 and enables the unit 6 by 
entering his second user identification code in the form 
of a secret PIN, via the keypad 8. This PIN is known only 
to the user and the receiver unit 6 could be constructed so 
25 that this number can be changed by the user by following a 
predetermined routine. 

The user's first identification code (USER ID), which 
can again comprise the user's name is entered into the 

30 terminal 2. In this embodiment, it is the security software 
running on the terminal 2 which enables the dialogue with 
the user. This security software now generates an access 
code or what can be considered as an access "claim" based 
on the user's identification code (USER ID) and one or 

35 more, and preferably all of the terminal identity code 
(TERMINAL ID), the network identification code (NETWORK 
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ID), and one or more software identity codes (SOFTWARE ID). 
This access code or claim is passed to the security server 
5 of the host computer system 1 that it is desired to 



access . 



The security server 5 deconstructs the access code or 
claim into its constituent parts. In the same way as the 
first embodiment, it uses the user identification code 
(USER ID) to access its database to locate the 

10 corresponding identity code for the appropriate receiver 
unit 6. As before, the security server 5 then generates a 
random code (Code A) and subjects this number to an 
encryption using the same one-way algorithm as is stored in 
the user's receiver 6 to produce the transformed code (Code 

15 B). However, in this embodiment a third code (Code E) is 
used as a second encryption key. This third Code E is 
obtained by using the other identification codes comprising 
the access claim as will now be described. 

20 The security server takes the terminal identity code 

and network identity code and combines these or parts of 
these in a predetermined manner to form a hardware code 
(HARDWARE ID) or first computer identification code. It 
then generates a second random number (Code Dl) which is 

25 encrypted using a predetermined one-way algorithm, to 
produce a first transformed code (Code El). 

A similar operation is performed on the software 
identity codes (SOFTWARE ID). If more than one of these 

30 comprises part of the access claim, then they are combined 
or parts of them are combined in a predetermined manner to 
form a single code which comprises the second computer 
identification code. The security server 5 generates a 
third random number (Code D2) , which is encrypted using a 

35 predetermined one-way algorithm to produce a second 
transformed code (Code E2) . 
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The first and second transformed codes, Code El and 
Code E2, are then combined in a predetermined manner to 
form a single transformed code which comprises the Code E 
which is used in the production of Code B. 

5 

As in the first embodiment, the security server 5 
transmits the first random code, Code A, along with an 
indentifier or identifying tag which can be recognized by 
the security key 6 to the paging system 7. The identifying 
10 tag and the random code, Code A, are then broadcast by the 
paging system 7 for the security key 6 to pick up, identity 
and store. 

In addition however, the security server 5 passes the 
15 second and third random numbers, Code Dl and Code D2, along 
with the transformed code, Code B, back to the host 
computer system 1. The host computer system 1 then passes 
the second and third random numbers, Code Dl and Code D2 , 
back to the terminal 2. The the security software running 
20 on the terminal 2 uses the Codes Dl and D2 along with the 
hardware and software identification codes , which it 
constructed as part of the access claim, to produce 
respectively transformed Codes Fl and F2. These are then 
are then combined in the same predetermined manner as the 
25 Codes El and E2 to produce a single transformed code, Code 
F. 

This single transformed code, Code F, is then passed 
by the terminal 2 to the security key 6. The security key 
30 is now able to encrypt the received Code A using the Code F 
and the user identification code it contains via the one- 
way algorithm in its logic circuitry to produce the 
transformed code. Code C. 

35 The resultant code, Code C, is then displayed on the 

display means 9 of the security key for the user to enter 
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into the terminal 2 at the behest of the host computer 
system 1 . The system 1 can then compare the entered 
transformed code, Code C, with that, Code B, transmitted to 
it from the security server 5. Access to the system 1 is 
then only permitted if the two codes, Code B and Code C, 
are identical. 

It will be appreciated that for Code B and Code C to 
be identical, then Codes E and F will also be identical 
assuming that the one-way algorithms used to produce same 
are also equivalent. 



Thus, the computer security system not only verifies 
that the user's identification code and the security key 6 
15 but also the terminal 2 and its network and stored 
software . 

It will be appreciated that a less complex security 
system code could simply verify the computer hardware being 
20 used and not the software. In this case a single random 
generated code, Code D, can be encrypted to produce a 
single transformed code, Code E, which can then be used 
directly in the encryption of Code A. 

25 As in the first embodiment, preferably all the 

algorithms used in the system should comprise one-way 
algorithms . 



In addition, in both embodiments the receiver unit or 
security key 6 is preferably always responsive to reception 
of its identifier regardless of whether or not it has been 
enabled by the user. Hence, the receiver 6 is responsive to 
reception of its identifier in circumstances when the 
authorised user is not attempting to gain access to the 
host system. In this way the receiver 6 can be used to 
alert the authorised user that an attempt at unauthorised 
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access is being made as well as act as a conventional 
pager which can request the user to log into a particular 
computer system 1 or otherwise receive pager messages. 
Thus, a host computer system 1 can request users to log in 
to receive, for example, electronic mail, or to carry out 
other operations. 
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CLAIMS 

1- A method of preventing unauthorised access to a host 
computer system (1) by a user at a remote terminal (2) 
5 comprising the steps of 

accepting a user identification code input to the 
terminal by the user; 

generating a random code (Code A) ; 

subjecting Code A to a transformation characteristic 
10 of a transformation algorithm identified by the input user 
identification code so as to generate a transformed code 
(Code B) ; 

transmitting Code A via a paging system (7), to a 
receiver (6) held by the user, the receiver (6) comprising 
15 transformation means adapted to transform the received Code 
A to a second transformed code (Code C) , and means (9) for 
displaying Code C to the user; 

accepting input of Code C to the terminal (2) by the 

user; 

20 comparing Code C with Code B; and 

permitting access to the host system (1) only if Code 
C matches Code B. 

2, A method as claimed in Claim 1, wherein the 
25 transformation algorithm identified by the input user 

identification code comprises a one-way algorithm. 

3. A method as claimed Claim 1 or Claim 2, wherein the 
receiver (6) can only be enabled for a predetermined period 

30 to permit it to transform the received Code A to the 
transformed Code C by input of a second user identification 
code by the user. 

4r. A method as claimed in any one of Claims 1 to 3, 
35 wherein the signal incorporating Code A which is 
transmitted by the paging system (7) also incorporates an 
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identifier to enable the receiver to pick out the signal 
from a plurality which may be being transmitted at the same 
time . 

5 5. A method as claimed in Claim 4, wherein the receiver 
(6) is always responsive to reception of its identifier 
regardless of whether or not it has been enabled by the 
user. 

10 6- A method as claimed in any one of Claims 1 to 5 , 
wherein the remote terminal (2) comprises a central 
processing unit (CPU) and the method comprises the 
additional steps of 

generating an access code by the terminal (2) based on 

15 the user identification code and at least one of a terminal 
code for identifying the remote terminal, a network 
identification code for identifying which of a plurality of 
networks the remote terminal is connected to, and a 
software code identifying the presence or absence of 

20 particular software stored at the remote terminal site and 
accessible by its CPU; 

transmitting the access code to the host computer 
system (1) ; 

deconstructing the access code to produce at least one 
25 computer identification code and the user identification 
code ; 

generating a second random code (Code D) ; 

subjecting Code D and the computer identification code 
to a transformation characteristic of a transformation 
30 algorithm so as to generate a transformed code (Code E) ; 

subjecting Code A to a transformation characteristic 
of both the transformation algorithm identified by the 
input user identification code and Code E so as to generate 
the transformed code (Code B) ; 
35 passing Code D to the remote terminal (2) which also 

subjects Code D and the computer identification code to a 
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transformation characteristic of a transformation algorithm 
so as to generate a transformed code (Code F) ; 

passing Code F to the receiver (6) from the remote 
terminal which also subjects Code A to a transformation 
5 characteristic of both the transformation algorithm 
identified by the input user identification code and Code F 
so as to generate the transformed code (Code C) ; . 

7. A method as claimed in Claim 6, comprising the 
10 additional steps of 

deconstructing the access code to produce the user 
identification code, a first computer identification code 
characteristic of the computer hardware identifying 
portions of the access code and a second computer 
identification code characteristic of the computer software 
identifying portions of the access code; 

generating a second random code (Code Dl) and a third 
random code (Code D2) ; 

subjecting. Code Dl and the first computer 
20 identification code to a transformation characteristic of a 
transformation algorithm so as to generate a transformed 
code (Code El) ; 

subjecting Code D2 and the second computer 
identification code to a transformation characteristic of a 
25 transformation algorithm so as to generate a transformed 
code (Code E2) ; 

combining in a predetermined fashion Codes El and E2 
or parts thereof to produce the transformed code (Code E) ; 

passing Code Dl and Code D2 to the remote terminal (2) 
30 which subjects Code Dl and the first computer 
identification code to a transformation characteristic of a 
transformation algorithm so as to generate a transformed 
code (Code Fl) , and which subjects Code D2 and the second 
computer identification code to a transformation 
35 characteristic of a transformation algorithm so as to 
generate a transformed code (Code F2); and 



BNSDOCID: <WO 9519593A1_I_> 



WO 95/19593 



18 



PCT/GB95/00059 



combining in a predetermined fashion Codes Fl and F2 
or parts thereof to produce the transformed code (Code F) . 

8. A method as claimed in Claim 6 or Claim 7, wherein the 
5 receiver (6) can be releasably connected to the remote 
terminal (2) by means of a plug and socket arrangement or 
an infrared transmission system for the passage of 
inf ormat i on therebetween . 

10 9. A method as claimed in any one of Claims 1 to 8 , 
wherein the host computer system (1) comprises a security 
server system (5) which generates each of the random 
codes, stores the transformation algorithms identified by 
the input user identification codes, and transmits codes to 

15 the receiver (6) via the paging system (7). 

10. Apparatus for preventing unauthorized access to a host 
computer system (1) by a user at a remote terminal (2) , the 
20 apparatus comprising 

means for accepting a user identification code input 
to the terminal by the user; 

means for generating a random code (Code A), and for 
subjecting Code A to a transformation to generate a 
25 transformed code (Code B) ; 

a transmitter for transmitting Code A via a paging 
system (7) ; 

a receiver (6) held by the user, the receiver (6) 
comprising transformation means adapted to transform the 
30 received Code A to a second transformed code (Code C) , and 
means (9) for displaying Code C to the user; 

means (8) for accepting input of Code C by the user; 
means for comparing Code C with Code B; and 
means for permitting access to the host system if Code 
35 C matches Code B. 
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11. Apparatus as claimed in Claim 10, wherein the remote 
terminal (2) comprises a central processing unit (CPU) . 

12. Apparatus as claimed in Claim 11, wherein the receiver 
5 (6) can be linked to the central processing unit (2) either 

by a plug/socket arrangement or by an infrared transmission 
system for the passage of information therebetween. 

13. Apparatus as claimed in Claim 11 or 12, wherein the 
10 remote terminal (2) comprises a terminal connected into a 

token ring network. 

14. Apparatus as claimed in any one fo Claims 10 to 13, 
comprising a security server system (5) which generates 

15 each of the random codes, stores the transformation 

algorithms identified by the input user identification 
codes, and transmits codes to the receiver (6) via the 
paging system (7) . 
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